Legislative Overview: Electronic Cigarettes

By Danny Restivo, DMGS

In May the Food and Drug Administration expanded tobacco regulations to include electronic cigarettes. Many have hailed the product as a smoking cessation tool, while others see it as a gateway into nicotine addiction or potentially worse. As officials debate the benefits and hazards of e-cigarettes—which uses battery power to deliver liquid nicotine in the form of vapor—a sizable market has emerged. According to a 2014 study by the Centers for Disease Control, 12.6 percent of adults say they have used an e-cigarette, with use highest among 18-24 year-olds. Meanwhile, additional data released by the CDC in 2015 shows e-cigarette use tripling among middle school students, from 120,000 to 450,000 during 2013-2014. A large number of state and local laws prohibit the selling of e-cigarettes to anyone under 18, but the FDA’s regulations apply to every state.

The FDA’s regulation also places the $3.7 billion e-cigarette, or vaping, industry into the same regulatory category as tobacco, a competing market valued at roughly $95 billion. As a result, e-cigarette owners are stuck in a two front tug-of-war between the FDA and the tobacco industry. E-cigarette producers are now asking why they should face the same regulatory scrutiny when evidence suggests their product may be less hazardous compared to cigarette smoke. A 2014 study commissioned by the United Kingdom’s health agency shows electronic cigarettes are 95 percent less harmful than traditional cigarettes. While the e-cigarette industry tries to separate itself from the tobacco industry in the eyes of U.S. regulators, the FDA’s mandate can now buttress arguments for taxing e-cigarettes like tobacco products.

In November, California voters will go to the ballot and decide on proposition 56. If approved, the law would increase a cigarette tax from 87 cents to $2, which will extend to e-cigarettes. If voters enact this measure, California would join five other states with taxes on e-cigarettes, including Kansas, Louisiana, Minnesota, Pennsylvania and North Carolina.

In October, the Pennsylvania legislature approved a tax on all tobacco and e-cigarette items. Vendors now face a tax rate equal to 40 percent of the wholesale price on all e-cigarette items, making $15 e-cigarette products $20. Conversely, traditional tobacco cigarettes may increase by $1.60 per pack. Keystone state store owners who sell e-cigarette products are now trying to substitute the wholesale tax with a 5-cent-per-milliliter retail tax on vapor liquid. The 5-cent tax is similar to legislation North Carolina Governor Pat McCrory signed into law in May 2014. However, since the state legislation originated before the recent FDA regulations, traditional cigarettes received a more burdensome excise compared to vaping products.

In an effort to fill a $400 million budget deficit, Kansas legislators approved a package of tax increases, which included an excise on all tobacco and e-cigarette products. The law placed an additional 50-cent charge on cigarette packs, as well as 20-cent per milliliter on all vaping liquids. Meanwhile, both Louisiana and Minnesota have laws that regulate e-cigarettes the same as tobacco products.

While they haven’t implemented a tax, Indiana approved questionable regulatory policies that led the FBI to question state leaders in August. The Hoosier state’s e-cigarette law, which was signed by Governor Mike Pence in April, stipulates manufacturing guidelines for e-cigarette producers. Among the regulations was a guideline requiring a company that produced e-cigarette items to have a certification by a security company by June 30, 2016. However, based on the state guidelines for those security companies, there was only one available company that met the laws standards. Since then, only six e-cigarette companies, among a large number of available producers, have been approved to sell their products in Indiana. In essence, the new regulatory policy has created an oligopoly on e-cigarettes in the Hoosier state. The FBI has not confirmed the investigation, but several lawmakers have admitted they were questioned by agents.

While five states have passed tax policies regarding e-cigarettes, seven others—including California, Connecticut, Delaware, Hawaii, Maine, New Jersey and North Dakota—have all placed restrictions on the use of e-cigarettes in public. Most of these state regulations prohibit e-cigarettes in workplaces, bars, restaurants and other public places, treating it the same as smoking tobacco in public places.

In some states, local laws have come into conflict with the state’s categorization of vaping. In February, following a case in which an e-cigarette user was on a subway platform, a New York court ruled that e-cigarette users can’t be charged with violating the state’s anti-smoking laws because it’s not the same as smoking. The ruling read that smoking is “the burning of a lighted cigar, cigarette, pipe or any other matter of substance which contains tobacco,” whereas “An electronic cigarette neither burns nor contains tobacco. Instead, the use of such a device, which is commonly referred to as ‘vaping,’ involves ‘the inhalation of vaporized e-cigarette liquid consisting of water, nicotine, a base of propyleneglycol or vegetable glycerin and occasionally, flavoring.’ This does not fit within the definition of ‘smoking’ under the law.” While the city’s anti-smoking ordinance does extend to vaping, the police officers who arrested the e-cigarette user charged him under the state code as opposed to the city code. Since the incident, the New York State assembly is attempting to amend the law to include e-cigarettes.

In Kentucky, smoking in certain establishments is permitted, but Louisville approved anti-smoking ordinances in workplaces and public spaces in 2008. However, the law did not specify e-cigarettes. During recent public forums on whether to extend the ordinances to include e-cigarettes, supporters of the ban cited research from public health organizations as evidence of the harmful effects of vaping in public. Critics of the extension point to other research that shows vaping’s ability to help smokers kick the habit, therefore improving public health.

As the FDA takes a larger role in regulatory oversight of e-cigarettes, state’s may perceive vaping the same as traditional cigarette smoking. Early research from various public health organizations has provided a mixed bag of evidence regarding the harmful impacts of e-cigarettes. However, as the popularity of vaping grows, cities and states will have to decide whether to treat vaping as a public health hazard, or a beneficial tool.

For more information on e-cigarettes and smoking laws for each state, check out the interactive map from the Public Health Law Center.















Washington and Health Care Update

Election 2016

There are now less than two weeks until the November 8th election. The final presidential debate was held last Wednesday evening at the University of Nevada in Las Vegas, NV. Both Donald Trump & Hillary Clinton discussed their plans to address immigration, tax policy, the national debt, and foreign conflicts. According to FiveThirtyEight modeling based on current polling, support for Clinton is holding steady at a 6-point lead in national polls. Clinton is projected to receive 341 electoral votes, with Trump receiving 197.

WTO Sides With Chinese in Dispute Over U.S. Targeted Dumping Methods

The World Trade Organization generally sided with China in a dispute regarding U.S. antidumping duties imposed on 13 imported Chinese products. The WTO said the U.S. violated its international trade obligations in using a “targeted dumping methodology,” including zeroing, in original investigations and administrative reviews, according to the text of an Oct. 19 ruling.

“Targeted dumping” involves patterns of export prices that differ significantly among purchasers, regions or periods of time and which could be used to conceal dumping that cannot be appropriately taken into account under the standard “average-to-average” methodology for price comparison. Beijing filed the case in 2013 alleging that the U.S. Commerce Department’s antidumping methodologies were inconsistent with the WTO’s Antidumping Agreement.

The decision is noteworthy in that it marks the second time the WTO has rejected Washington’s use of a so-called “weighted average-to-transaction” and “zeroing” methodologies in its dumping investigations. The U.S. must now determine whether or how it will comply with the WTO decision or face the prospect of billions of dollars’ worth of retaliatory trade tariffs.

Health Care News

Obamacare Sign-Ups to Increase by 1 Million in 2017

Amid intense efforts by the Obama administration to target the uninsured in the U.S. president’s final months in the White House, sign-ups for health plans created under his signature domestic law are expected to rise by about 1 million next year.

The forecast illustrates the administration’s confidence in enrolling more people and keeping those who are covered from dropping out in a challenging year. However, the Obamacare exchanges are still not attracting enough young, healthy, and higher-income individuals who could help spread the health-care costs of the sickest over a bigger group.

About 13.8 million people will pick Affordable Care Act plans during the enrollment period that starts Nov. 1, the government estimated Wednesday, up from 12.7 million a year earlier.

“This is the last open enrollment for this administration,” Health & Human Services Secretary Sylvia Mathews Burwell said in a speech in Washington. “We’re going to make it count.”

2017 could be a particularly tough year to persuade people to sign up, with premiums rising and options narrowing in some markets. Surveys have shown that high costs are a key reason people are not buying plans, even when subsidies help lower premiums to under $100 a month for many individuals.

Passed in 2010, the ACA, among President Barack Obama’s key domestic policy achievements, helped push the number of people without insurance to record lows in the U.S. Still, millions of uninsured have not signed up and the law remains politically divisive. In the presidential race, Democratic candidate Hillary Clinton has called for bolstering subsidies to help more people buy coverage. Donald Trump, her Republican opponent, has said he would repeal Obamacare while working to ensure that people were still able to find health insurance.

The government estimates that a third of the 10.7 million eligible uninsured will pick ACA plans for next year, underscoring the difficulty of reaching those who have been left behind by the law’s gains. Some people are not buying ACA plans because of their cost, according to a Commonwealth Fund study. A separate report from the Kaiser Family Foundation found that about 5.3 million of the 27.2 million who are uninsured might be eligible for financial subsidies to help them buy ACA coverage.

Pa. Hospitals Drop Merger Effort After Court Loss

Two hospitals in Pennsylvania have decided to abandon a planned merger, after a federal appeals court last month granted a preliminary injunction to prevent the merger pending FTC review of the case. The Federal Trade Commission, in an Oct. 17 press statement, said the now-defunct proposed merger between PinnacleHealth System and Penn State Hershey Medical Center would have hurt consumers.

The merger would have joined a group of community hospitals owned by Pinnacle in and around Harrisburg, Pa., with the leading academic medical center and the primary teaching hospital of the Penn State College of Medicine, 14 miles away in Hershey, Pa. The FTC argued throughout the litigation that the merger would have hurt the market for hospital services in Harrisburg. The decision by the hospitals to abandon their merger plans could be considered a major win for the FTC, which only a couple of months ago seemed to be in danger of being forced to reconsider how it evaluated hospital mergers. Before the Third Circuit ruled, the commission had twice suffered defeats in federal trial courts when judges questioned its method of evaluating the geographic market for determining whether a proposed merger would create an anticompetitive hospital services market.

Cancer ‘Moonshot’ to Harness Microsoft’s Computing Power

The White House’s “moonshot” initiative to transform cancer care taps into industry giants from Microsoft and Amazon Web Services to ridesharing services Uber and Lyft, under a plan released Oct. 17. Vice President Joe Biden presented to President Barack Obama the final report of the cancer moonshot task force—an interagency group forming the federal plan to try to achieve a decade’s worth of progress in five years—along with his own personal report. The policy and regulatory changes in the task force report range from new drug approvals to patent reform, the arts, defense research and the environment, said Greg Simon, the executive director of the cancer moonshot task force. Simon also announced a number of private-sector initiatives.

“Today marks a banner day for the cancer moonshot with the release of the task force report,” Simon said. By culminating the work of more than 20 White House Cabinet and subcabinet agencies that have been meeting since February, he said, the report sets “a new standard for what it means to be involved in the fight against cancer.” The report itself said the task force marks the first time this many government agencies are collaborating to “to tackle the challenges along the spectrum of cancer research and care to improve outcomes for patients.”

Biden, who is leading the moonshot initiative, said medical technologies and treatment plans had progressed rapidly, even since his late son Beau was diagnosed with and later succumbed to cancer. “The fundamental thing I’ve come away with is there is a need for a greater sense of urgency because there are available answers now to some cancers and there is enormous opportunity in sharing data,” Biden said at a White House event to release the moonshot reports.

Ditch Obamacare Risk Corridor Suit, House Says

Federal lawmakers trying to avert “a massive giveaway of taxpayer money” said in a proposed brief that insurers are not entitled to recover funds under an Obamacare risk-sharing program (Health Republic Ins. Co. v. United States, Fed. Cl., No. 16-cv-259, proposed brief filed 10/13/16). The House on Oct. 13 filed a proposed friend-of-the-court brief in the U.S. Court of Federal Claims, saying the court should reject the first lawsuit by insurers seeking payments from the federal government under the Affordable Care Act’s risk corridor program.

The government’s failure to pay an alleged $5 billion under one of three ACA safety valve programs has insurers calling foul. The risk corridor program was intended to help insurers over the hump of adding higher-risk members, and the payment failure has been blamed for the demise of numerous insurers, including Consumer Operated and Oriented Plans formed under the ACA. A federal court already shut down the administration’s plan to reimburse insurers for ACA cost-sharing reductions, saying in a decision in another House lawsuit that the lack of a Congressional appropriation made the payments unlawful (93 DTR K-2, 5/13/16). That decision has been appealed.

Feds Expand Health Record Oversight Despite Pushback

The Obama administration moved forward with a final rule expanding federal oversight of electronic health records, despite opposition from the technology industry and Congress. The changes in the final rule (RIN:0955-AA00) allow the Office of the National Coordinator for Health Information Technology to directly review federally certified EHRs and other health information technologies, rather than rely on contractors.

Having greater oversight of federally certified EHRs will allow the agency to ensure that the technology is working properly and will not compromise patients’ safety, Vindell Washington, the national coordinator for health IT, said Oct. 14. “More transparency and accountability in health IT is good for consumers, physicians, and hospitals,” he said.

Some health IT industry observers warned that the ONC is overstepping its authority, echoing concerns by lawmakers made shortly after the agency first proposed the changes. Republican leaders of two congressional committees with health-care program oversight responsibilities challenged whether the ONC had the authority to respond directly to complaints about certified EHR systems in a July letter to the agency. Health IT industry groups have said they are worried the agency is seeking overly broad and ambiguous authority over federally certified EHRs and other health IT.

The ONC has repeatedly defended the rule and its authority to take a more direct role in overseeing its certification program. Currently, a few designated organizations in the private sector—known as ONC-authorized certification bodies (ONC-ACBs)—ensure that the thousands of certified EHRs being used by doctors are working properly. Doctors must use federally certified EHR systems to gain credit for participating in various Medicare payment schemes, including the meaningful use program and the upcoming Merit-based Incentive Payment System.

The final rule was published in the Federal Register Oct. 19.

John Zang Contributed to this report

Regulating Unmanned Aerial Systems

By Danny Restivo

In early October, Verizon Communications flew a 17-foot remote control plane over Cape May, New Jersey as part of an emergency response exercise that assessed an Unmanned Aerial Systems (UAS) ability to provide network data over dead areas. The trial came on the heels of Verizon’s announcement of their intentions to offer data packages through UAS, subsequently allowing drones to capture or stream video in mid-flight. Verizon’s proposal, as well as its exercise, signals yet another high-profile company’s venture into a rapidly growing market. In September, Verizon-rival AT&T unveiled plans to use drones for inspecting cellphone towers and testing the performance of wireless networks. AT&T has also begun offering data plans for UAS as well.

The move by these telecommunication giants comes two years after Amazon CEO Jeff Bezos unveiled future plans to deliver packages with unmanned aircraft during a 60 Minutes interview in 2013. While Amazon, as well as Google, lobbied to make regulations delivery friendly, the FAA released commercial drone guidelines in June mandating that any person “operating the [UAS] must be capable of seeing the aircraft with vision unaided by any device other than corrective lenses.” The regulation also stipulates that drones can only be used for delivery in a narrow set of circumstances.

As a result of the FAA regulation, Amazon moved this component of research and development operations to Britain. The shipping giant is now working with United Kingdom officials to create policies conducive for commercial drone use.Amazon continues to call for less stringent UAS regulations in the United States, while market leaders in other sectors have aimed to capitalize on the technology without suffering a similar fate.

According to a White House Fact Sheet, the commercial drone industry is projected to generate $82 billion and support nearly 100,000 jobs over the next decade. A 2016 report from PricewaterHouseCoopers (PWC) estimated the commercial market for UAS applications could grow to $127 billion by 2020, of which $45 billion includes supporting infrastructure needs.In light of these expectations, Verizon hopes their UAS data plans can support work in energy, infrastructure, construction and other industries.

New York Energy Provider Con Edison has already begun testing how well drones inspect 10-story high boilers in East Manhattan. Instead of building scaffolding, UAS uses video, photography and thermal technology to inspect large boilers that help produce energy for New York’s most iconic buildings. Moreover, large utility companies like Duke Energy, Exelon, National Grid, Southern Company, Pacific Gas & Electric and Xcel Energy have all begun testing UAS technology for energy service support needs. However, under the FAA regulations, companies using UAS must have certified commercial drone pilots, while also obeying the line of sight rule. This stipulation has hampered its implementation for some organizations, especially those wanting to inspect hundreds of miles of power lines without devoting a large number of personnel. As a result, some companies have sought out waivers from the FAA.

According to the PWC report, agriculture is another sector that’s expected to generate a lot of money for UAS, nearly $32.5 billion worth. With a growing population and the demand for maximum crop yields increasing, farmers have become a target market for UAS. Among the benefits, farmers can capture crop density, assess water and disease management, and collect invaluable data for the next year’s harvest. In February 2016, John Deere announced a partnership with a Minneapolis-based software firm that specializes in agricultural technology, including UAS. However, like many utility and energy companies trying to benefit from the technology, John Deere may have to get a waiver from the FAA regarding visibility issues before they can offer UAS to customers.

With a large commercial drone market emerging, many states and municipalities have begun to ask how an increase in UAS usage might impact safety and security. In 2015, “pilot reports of interaction with suspected unmanned aircraft increased from 238 in 2014 to 780.” The FAA law does provide a framework, but it does not stipulate how municipalities or states should regulate drones for police surveillance, trespassing, voyeurism, hunting and other uses.State and local legislators are now balancing constituent concerns over UAS with potential economic benefits.

As of October, 17 legislatures have enacted 31 pieces of legislation related to drones, while 38 other states have considered legislation in 2016. Many of the regulations enacted center on the need to protect critical infrastructure. In Tennessee it’s illegal for drones to go within 250 feet of a facility’s perimeter, while Oklahoma, Texas and Oregon have enacted “de facto” no fly zones over critical facilities.

Furthermore, municipalities have begun to enact ordinances regulating UAS. In Cleveland, the city council passed legislation prohibiting drones from within five miles of any regional airport, as well as other policies permitting local law enforcement to enforce FAA regulation. Meanwhile, greater Cleveland municipalities have passed laws that bar UAS near schools, city buildings and other critical infrastructure.

In February, Los Angeles filed criminal charges against two men for flying a drone in the vicinity of a police helicopter. The misdemeanor charges came two months after the city approved an ordinance that made it illegal to fly a drone more than 500 feet in the air, and within five miles of an airport without permission. Both Cleveland and Los Angeles ordinances comply with FAA mandate, but some states have passed legislation keeping UAS regulation within the statehouse. Virginia, Maryland, Vermont and Rhode Island have approved legislation that prohibits local governments from passing their own drone laws.

“The enactment of drone policies from state and municipal legislatures, like those in Cleveland, Tennessee and other locations, illustrates how a UAS regulatory framework may unfold elsewhere and how it will surely spark further regulatory debate” says Brett Goldman, DMGS Manager of Special Projects. “Once again” adds Goldman, “we find ourselves with an incredibly exciting, disruptive, and overall helpful technology that elected officials and regulators will one way or another learn to understand. Hopefully, that understanding comes with frictionless industry participation and results a smooth evolution of the technology into the hands of the consumer.”

Here are is a list of states with enacted unmanned aircraft regulation:


Enacted UAS Legislation By States in 2015 and 2016
(National Conference of State Legislatures)
Arizona (1449) Prohibits certain UAS operations from interfering with first responders. The law prohibits operating near, or using UAS to take images of a critical infrastructure facility.

Arkansas (Act 293) Prohibits the use of drones to commit voyeurism. (Act 1019) Prohibits UAS from recording information about critical infrastructure without consent.

California (AB 856) Prohibits a UAV from entering an aircraft’s airspace in order to capture an image or recording of an individual, his family or friends. This legislation is a response to the use the use of UAS by the paparazzi. The state has also enacted laws that offer first responders immunity if they damage a drone while attending to an emergency, while making it a misdemeanor to interfere in an emergency response situation with a drone.

Delaware (HB 195) Makes it a crime to use UAS at an event with more than 1500 attendees. It also makes it illegal to fly a drone over critical infrastructure and an incident where first responders are engaged. The law also specifies that only the state may enact UAS laws or regulation.

Florida (SB 766) Stipulates that drones can’t capture images of private property, the owner, tenant or occupant without consent if a “reasonable level” of privacy exists.

Hawaii (SB 661) Establishes a UAS test site and advisory board, as well as a Chief Operating Officer for the Hawaii UAS test site.

Idaho (SB 1213) Prohibits drones while hunting, or locating wild game.

Indiana (HB103) Allows UAS to capture photos and video of a crash. (HB 1246) Prohibits UAS from locating game during hunting season.

Kansas (SB 319) Expands harassment laws to include drones.

Louisiana (Act No. 166) Regulates UAS in commercial agricultural operations. The state has passed a variety of laws and regulations that prohibit drones from interfering with police response, schools, trespassing, surveillance and voyeurism.
Maine (LD 25) Requires law enforcement to receive approval before acquiring UAS, as well as a warrant before using UAS. Also specifies that law enforcement comply with all FAA requirements.

Maryland (CH 0164) Specifies that only the state can regulate UAS, preempting county and municipal authorities from creating their own ordinances.

Michigan (Act 12) Prohibits drones from harassing or interfering with hunters (Act 13) Prohibits using UAS to hunt game.

Mississippi (SB 2022) stipulates that using a drone for “peeping tom” activities is a felony.

Nevada (AB 239) Includes UAS in the definition of aircraft and regulates the operators of UAS. It also prohibits the weaponization of UAS and prohibits the use of drones within a certain distance of critical facilities and airports without permission. The bill specifies certain restrictions on the use of UAS by law enforcement and public agencies and requires the creation of a registry of all UAS operated by public agencies in the state.

New Hampshire (SB 222) Prohibits the use of UAS for hunting, fishing or trapping.

North Dakota (HB 1328) Stipulates limitations for using drones for surveillance.

Oklahoma (HB 2599) Prohibits the operation of UAS within 400 feet of a critical infrastructure facility.

Oregon The state has enacted a variety of regulations related to drones, including laws against their weaponization. Oregon has also regulated law enforcements use of UAS.

Rhode Island (HB 7511) Gives exclusive regulatory authority over UAS to the Rhode Island and the Rhode Island Airport Corporation.

Tennessee (HB 153) Prohibits capturing images over certain open-air events and fireworks displays. It also prohibits the use of UAS over prisons and other correction facilities.

Texas (HB 3628) Permits the creation of rules governing the use of UAS in the Capitol Complex and provides that a violation of those rules is a misdemeanor. (HB 2167) Permits individuals in certain profession to capture images using UAS, as long as no individual is identifiable. (HB 1481) Makes it a misdemeanor to operate UAS over critical infrastructure facility not more than 400 feet off the ground.

Utah (HB 296) Allows a law enforcement agency to use UAS to collect data at a testing site and to locate a lost or missing person in an area where a person has no reasonable expectation of privacy. It also institutes testing requirements for a law enforcement agency’s use of an unmanned aircraft system. (HB 126/3003) Makes interfering in a wildfire operation with drone a criminal act.

Vermont (SB 155) Permits and regulates the use of drones by law enforcement. The law also makes weapons on drones illegal.

Virginia (HB 2125) Requires a law enforcement agency to secure a warrant before using a UAS for any purpose, except in limited circumstances. (HB 412)Prohibits localities from enacting drone ordinances.

Wisconsin (SB 338) Prohibits using a drone to interfere with hunting, fishing or trapping. (AB 670) Prohibits drones from operating over correctional facilities.

West Virginia (HB 2515) Prohibits hunting with UAS.

For more information, contact Eric Martins (emartins@dmgs.com)

Looking Ahead: The Intersection Between Cyber Security Regulation and the Financial Sector

By Danny Restivo

On September 13, The New York State Department of Financial Services (NYDFS) proposed a law calling for all regulated financial institutions in the Empire State to enact a list of cybersecurity measures.[1] The proposal requires banking, insurance, and financial services companies under the jurisdiction of the NYDFS to adopt and maintain a strong cybersecurity program.

Among the guidelines, the proposed regulation requires organizations (termed as “covered entities”) to designate a Chief Information Security Officer (CISO) to oversee cyber security programs and procedures. The mandates also include oversight measures for information shared by or with third parties, including law firms, accounting services, and marketing groups.[2]

“New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises,” said Governor Andrew M. Cuomo in a statement from the New York State Department of Financial Services. “This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”[3]

Currently, the proposed regulation is open to a 45-day public commenting period after it was published on September 28 in the New York State Register. If the proposal is adopted, covered entities will have 180 days from January 1, 2017 to comply with its requirements.
The proposal aims to protect consumers, as well as financial institutions from an increase in cyber-attacks. In 2015, large banks in the Philippines, Vietnam, Bangladesh and Ecuador experienced major hacks that netted millions for cybercriminals.[4]  In light of these high-profile incidents, a number of large financial institutions have invested in secure digital infrastructures. As a result, many organizations already fall in-line with New York’s proposal. However, many smaller covered entities have not made the same investments, and if the law is approved, they will be forced to make costly upgrades.[5]
Critics opposed to the regulation say the new guidelines overlap with mandates set forth by the Federal Financial Institutions Examination Council (FFIEC), an interagency that includes the Federal Deposit Insurance Corporation, the Federal Reserve Board of Governors and the Consumer Financial Protection Bureau.[6] Although the FFIEC proposal has many of the same requirements, the NYDFS goes further in calling for cyber security assessments, notification of authorities within 72 hours of a breach and the appointment of a CISO.

While Cuomo dubbed the legislation a “first-in-the-nation,” other states have enacted similar regulation and guidance regarding cybersecurity. The Massachusetts’ Standards for the Protection of Personal Information of Residents of the Commonwealth requires every business holding personal information on residents to comply with certain security safeguards.[7] Moreover, state authorities around the country have provided organizations with similar instructions for the adoption of cybersecurity standards. In California, the Attorney General’s office publishes an annual report that includes specific practices for “reasonable security measures” that align with the states information security statutes. These recommendations are not requirements, allowing organizations the flexibility to craft a cybersecurity program that best responds to their industry-specific vulnerabilities.[8]

Eric Martins and Brett Goldman of DMGS agree: “Ultimately, the NYDFS is far more prescriptive than any current state-authored regulation,”  said Martins. While organizations outside the Empire State may want to ignore the NYDFS proposal, other governmental agencies have recognized the need to establish “minimum standards” for the protection of consumer-sensitive information.[9] If approved, New York’s cyber security regulation will be the first and it will serve as an important model for other the efforts of other states’ that pursue comparable legislation. “I think the bigger question here” adds Goldman, “is how quickly other states will take notice and make sure that their financial institutions and other businesses are proactive in protecting themselves from Cyber vulnerabilities”

[1] “Governor Cuomo Announces Proposal of First-In-the-Nation Cybersecurity Regulation to Protect Consumers and Financial Institutions.” New York Department of Financial Services, Sept 13, 2016. https://www.governor.ny.gov/news/governor-cuomo-announces-proposal-first-nation-cybersecurity-regulation-protect-consumers-and

[2] Bucsescu, Marle and Waxman, Matthew. “NY State Cyber Regulations for Banks.” Lawfareblog.com, Sept. 19, 2016. https://www.lawfareblog.com/ny-state-cyber-regulation-banks-model.


[4] Pagliery, Jose. “Global Banking System: What you need to Know” CNN Money. May 28, 2016. http://money.cnn.com/2016/05/27/technology/swift-bank-hack/

[5] Taylor, Harriet. “Critics are Skeptical of New York’s Proposed Financial Security Laws.” CNBC. September 26, 2016. http://www.cnbc.com/2016/09/26/critics-are-skeptical-of-new-yorks-proposed-financial-cybersecurity-rules.html

[6] Jacob, C. Reade; Mao, Mark C.; Raether, I. Ronald Jr., and Taylor, Ashley L. “NY Proposes Regulations Requiring Financial Services Companies to Implement Cyber Security Measures.” Consumer Financial Services Law Monitor. September 26, 2016. http://www.consumerfinancialserviceslawmonitor.com/2016/09/ny-proposes-regulations-requiring-financial-services-companies-to-implement-cyber-security-measures/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original

[7] Jacob, C. Reade; Mao, Mark C.; Raether, I. Ronald Jr., and Taylor, Ashley L

[8] Harris, Kamala.  “California Data Breach Report: February 2016.” California Department of Justice.

[9] Roberts, Jeff John. “Look Out Companies, Here Comes the Cyber Regulations.” Fortune, September 25, 2016.

Brett Goldman edited this report

Washington and Health Care News


Election 2016

According to FiveThirtyEight modeling based on current polling, support for Clinton has steadily increased after the first presidential debate. Clinton is projected to receive 341 electoral votes, with Trump receiving 197. The second presidential debate held in a town hall format in St. Louis, MO featured discussions of tax policy & the ongoing Syrian Civil War. The final presidential debate will be held on October 19th at 9:00 pm ET at the University of Nevada in Las Vegas, NV.

Lame Duck Appropriations Process

House and Senate negotiators have the giant task in the lame-duck session of trying to complete the 11 remaining fiscal 2017 appropriations bills — a task made more difficult by a $4 billion difference in the way the House and Senate draft bills squeeze in extra spending. Both sets of draft appropriations bills adhere to the $1.07 trillion budget cap. To accomplish that, the Senate bills make use of $20.1 billion in phantom mandatory cuts, compared with $16.3 billion of such cuts in the House bills.

The cuts are known as Changes in Mandatory Programs (CHIMPs) and generally allow appropriators to claim savings by capping mandatory spending that wasn’t expected to take place anyhow. Critics deride the practice as gimmickry. Last year, the House and Senate adopted a budget resolution limiting CHIMPs in the fiscal 2017 bills to $19.1 billion, meaning the Senate bills would technically be in violation of the rule. Conservatives originally had pushed for a $16 billion limit on CHIMPs this year.


The existing restriction can be waived by 60 votes in the Senate, something an omnibus spending bill would need in any case to win passage in that chamber. The biggest difference between the House and Senate is apparent in the Transportation-Housing and Urban Development bill, S. 2844, as demonstrated by an August list of CHIMPS from the Office of Management and Budget.

Half of Medicare Advantage Drug Plans Get High CMS Rating

Nearly half of all Medicare Advantage plans with prescription drug coverage (49 percent) received a four-star or higher ranking from the CMS for the 2017 plan year, according to data released today. MA plans with drug coverage on average made marginal gains in CMS’s quality rating system, but Part D drug-only plans made more significant gains.

The number of MA plans with drug coverage that garnered ratings of four or more stars (out of a total of five) for the 2017 plan year was roughly equal to the 2016 plan year numbers. Star ratings might harm the enrollment and revenue for MA plans that received low star ratings. Prominent Medicare plan issuer Humana saw its ratings drop, which the company said may have an impact on its enrollment and revenue.

The star ratings are designed to measure the quality of the MA plans and help beneficiaries make coverage decisions. The star ratings grade MA plans on a variety of metrics, including clinical quality and patient satisfaction. Medicare Advantage enrollment is expected to hit 18.5 million in 2017, a 60 percent increase from 2010, according to a blog post from Sean Cavanaugh, the CMS’s deputy administrator and director of the Center for Medicare.

Average star ratings for MA plans with prescription drug coverage have jumped from 3.86 for the 2014 plan year to the current 4.0 for the 2017 plan year, the CMS said. Star ratings for Medicare Part D plans were also released, with 49 percent of plans receiving four or more stars for the 2017 plan year. The average star rating for Part D plans increased from 3.05 in 2014 to 3.55 for 2017.

FDA Left Out of Zika Emergency Funds

The FDA is aiding the fight against the Zika virus without any dedicated Zika funding in the new fiscal year. The recently approved $1.1 billion package of federal funding to respond to the Zika outbreak is expected to generate more tests and vaccine candidates. However, that funding doesn’t cover the Food and Drug Administration’s costs in reviewing new policies and diagnostics and vaccines.

The agency already has spent millions of dollars on Zika work, an agency spokeswoman told Bloomberg BNA. In addition, an advocate of more FDA funding said there already is a “surge of work” on Zika at the agency. Congress provided $1.1 billion at the end of September to respond to the outbreak of the Zika virus as part of the continuing resolution (H.R. 5325) to keep the government running through early December. That funding, which came after months of fighting among Congress over provisions attached that funding, allows the National Institutes of Health to continue its pursuit of a Zika vaccine, and helps the Centers for Disease Control and Prevention with its public health response (14 PLIR 1374, 10/7/16).

As of late September, the FDA has spent $5 million in annual resources and “utilized” more than 400 staff members to respond to the Zika virus, according to FDA estimates. “Because additional funding to support Zika virus response activities was not provided to the FDA under H.R. 5325, the FDA will continue to leverage funding from its base resources to sustain response activities,” said FDA spokeswoman Tara Goodin. “Sustaining scaled-up Zika response activities using current base resources is a challenge and requires the FDA to reprioritize work in other important areas, as well as limiting the FDA’s ability to support highly targeted regulatory science research that is required for the efficient development and regulatory review of medical products for Zika virus disease.”

The FDA describes regulatory science as the science of developing new tools, standards, and approaches “to assess the safety, efficacy, quality, and performance of all FDA-regulated products.”

John Zang contributed to this report. 

Weekly Congressional and DC Update

Election 2016

According to FiveThirtyEight modeling based on current polling, Clinton and Trump were being given nearly 50-50 chances of winning leading up to their first debate on Sept 26. The debate featured discussion of both trade policy, the criminal justice system, and US foreign & martial policy. Since the debate, Clinton’s position improved slightly, but is only marginally better than Trump; she is projected to receive 46.5% of the vote, with Trump receiving 44.3%, and Gary Johnson 7.9%. 

Congress Averts Shutdown by Clearing Stopgap Bill With Zika Cash

Congress sent President Barack Obama a stopgap spending bill on Wednesday after lawmakers reached a bipartisan deal to keep the government funded through Dec. 9. In its last vote before the November election, the House passed the measure 342-85 late Wednesday, following a favorable Senate vote earlier in the day. The White House indicated Wednesday that Obama would sign the measure.

The measure, which averts a partial government shutdown, also includes funding to fight the Zika virus and support veterans programs, and assist with flood damage in Louisiana and several other states. The bill’s passage represents a victory for Democrats, who got much of what they had been demanding for months — significant funding to combat Zika without barring money going to Planned Parenthood, which provides women’s health services including abortion. They also beat back numerous attempts by Republicans to score policy victories in the bill, including efforts to stop the privatization of internet domain name assignments.

Senate Majority Leader Mitch McConnell of Kentucky, was able to avoid a politically volatile shutdown and allow vulnerable Republican senators to return home to campaign, while House Speaker Paul Ryan of Wisconsin skirted a rebellion by conservative members seeking a six-month stopgap. The Dec. 9termination date means that Congress will rejoin the fight over government funding for the rest of the fiscal year after the November election. Whether Hillary Clinton or Donald Trump wins the presidency will largely determine whether spending bills are completed then or if decisions are pushed into next year, a more likely scenario if Trump wins.

Justice Against Sponsors of Terrorism Act

The House & Senate successfully overrode President Obama’s veto of S. 2040, an act which would allow victims of terrorist attacks on US soil to sue foreign government officials that funded or aided in the execution of the attacks. Congress’s override vote marks the first time that President Obama’s veto has been overruled during his presidency. The bill is broadly worded, but was passed in the House & Senate in response to Saudi Arabian government officials’ funding of the operatives involved in the September 11 attacks on the World Trade Center. President Obama had expressed concerns about the law’s potential for blowback, presenting the possibility of foreign governments subjecting US officials to lawsuits regarding foreign US military & intelligence operations.

Pentagon’s 5,000-Strong Cyber Force Passes Key Operational Step

A 5,000-person Pentagon force created to bolster military computer networks and initiate cyber attacks against terror groups should be ready to carry out its mission by the end of the week, a key step in improving the U.S.’s ability to respond to hacks by overseas adversaries.

The Cyber Mission Force will reach “initial operational capability” by Friday, said Colonel Daniel J.W. King, a Cyber Command spokesman, in an e-mail. The group’s 133 teams have met basic criteria on personnel, training, resources and equipment, but all of them aren’t necessarily ready to launch attacks, he said.

The force, which falls under the U.S. Cyber Command created in 2009, likely will focus on the highest priorities, such as risks from Russia, China, Iran and terrorist groups including Islamic State. Previously, cyber operations were scattered in silos across Cyber Command, the NSA and other military branches. Officials plan to expand the force by another 1,200 people as part of the process of becoming fully combat ready.

NJ Legislative Alert: A4093 Concerning Scrap Tire Recycling

A4093 Concerning Scrap Tire Recycling

A4093 is an Act aimed at amending and supplementing New Jersey’s recycling laws to include scrap tires on the list of items legally required to be recycled. This Act concerns the Department of Environmental Protection, scrap tire haulers, scrap tire facilities, and New Jersey recycling centers.
A4093 seeks to:

  • Legally obligate the recycling of scrap tires
  • Prohibit disposal of scrap tires as solid waste
  • Institute a Department of Environmental Protection (DEP) system of scrap tire tracking, collection, recycling, and responsible disposal within 180 days of A4093 enactment
  • Require scrap tire haulers and recycling centers to be licensed by the DEP within 180 days of A4093 enactment
  • Require New Jersey district recycling plans to include source separation of scrap tires from solid waste stream
  • Implement a system of fines of up to $25,000 dollars for violation of A4093
  • Ensure no person in the state of New Jersey knowingly dispose of scrap tires as solid waste after January 1st, 2017
  • Prevent illegal dumping of scrap tires

As mentioned in A4093, the recycling and reuse of scrap tires provides a number of benefits, while limiting landfill overflow. Recycled tires can be used as playground cover material, alternative fuel, and in civil engineering applications, which all could benefit New Jersey greatly.

Status: A4093 has been referred to Assembly Environment and Solid Waste Committee for further review.


Billy Hoffer Contributed to this Report